"Over the last half a week, Apple has been hit with the largest mass-hacking incident in its history. And the perpetrators were the company's own users. Nearly seven million iPhone, iPad and iPod touch owners have cracked Apple's restrictions on their devices using the jailbreaking tool Evasi0n since the tool was released Monday morning, according to the latest count from Jay Freeman, the administrator of the app store for jailbroken devices known as Cydia. That makes the iOS-hacking app the fastest-adopted jailbreak software of all time, Freeman says." Because, of course, only nerds and geeks jailbreak. There's also a technical analysis of the jailbreak.

7 million seems like a lot, until you consider that it's only about 4% of the userbase. Of course, I think Apple should open it up more, but if you're the kind to jailbreak a device, come join us over in the Android camp, and I'm talking about REAL Android Nexus devices, not the HTC/Samsung FrankenAndroid bullshit. You will find these devices to be not crippled like Apple's offerings, and the bootloader can be easily opened up for all kinds of custom ROM goodness

7 million seems like a lot, until you consider that it's only about 4% of the userbase. Of course, I think Apple should open it up more, but if you're the kind to jailbreak a device, come join us over in the Android camp, and I'm talking about REAL Android Nexus devices, not the HTC/Samsung FrankenAndroid bullshit.

I'd gladly do so, except that a lot of the apps I use on a daily basis don't yet exist there. It's basically the Windows/Linux situation as it was ten years ago all over again. I don't see a lot of the productivity apps that I use for Android, or they're just not up to par. I wish they were, and perhaps someday they will be, but most of the apps on Android seem to be more about consuming than creating whereas we're starting to see a huge shift toward productivity applications on iOS now. If you've any app recommendations for these:
* iWork suite (extremely touch-friendly office software with very good MS Word capability, no, Microsoft's subscription service doesn't count)
* Fire2 voice recorder (recorder and audio editor with Dropbox integration)
* Garageband (excellent for portable music creation until I can get to a computer, perfect when an idea strikes me and I want to get a rough draft of it down before I forget it)
So far I've just not found any Android apps that come close to these three. There are apps that claim to be equivalent, but they either lack most of the functionality I want or are crash prone. Any suggestions?

I think it's good enough the way it is.
So many friends of mine have come to me asking to restore their iPhones because someone had jailbroken it and they were having problems.

I've jailbroken my first 2 iPhones but I stopped after some point because of all the small issues that kept cropping up; it's just not worth the hassle imho and I'm more than computer literate.

I have great respect for the jailbreaking community; there's lots of great "hacks" out there with great ideas both in terms of making the UI better and bringing new functionality.
However my objection is that many people jailbreak their iPhones to get free apps. First of all, apps are cheap enough and you should be rewarding developers for their work. Second of all, a majority of these types of people come back a few months later with problems that they can't handle themselves.

To conclude, I support jailbreaking but I don't think that Apple should be making it easier for the average person, if only for their own good.

To conclude, I support jailbreaking but I don't think that Apple should be making it easier for the average person, if only for their own good.

Ah, that old "we know what's best for you" line. Perhaps they need not make it easier, but they need not make it harder either. I still think an official way to jailbreak would be the best, but don't make it easy and do everything you can to scare those who can't handle it away. This cat and mouse game is ridiculous and is wasting developer resources that could be put to much more productive use. Plus, if you do think about it, the fact that developers are finding security holes in iOS in order to jailbreak is just a bit worrisome. I do understand why Apple closes these holes once they're found because, while most of the jailbreak community are honest, it only takes one dishonest individual to exploit these security holes for much more sinister purposes. I fully support them closing these holes, even though I do not support nor agree with their attitude towards jailbreaking. The more I think about it, The Apple/Jailbreak relationship must be a love/hate. On one hand, Apple hate what the jailbreakers do (officially at any rate) but on the other, they're essentially getting what amounts to a free security audit for at least a part of their operating system.
Edit: clarification.

Ah, that old "we know what's best for you" line. Perhaps they need not make it easier, but they need not make it harder either.

Maybe you didn't read my whole post but I think I've kind of answered this. Considering how hard it is right now to jailbreak, I've still had ~10 people come up to me and ask me to fix their "broken" iPhone; wherein broken means some problem with the jailbreak. Imagine how much that number would jump if it was easier.

It's interesting that just today I was dealing with a jailbroken iOS device that had a lot of Malware on it. It's not the fault of jailbreaking itself, but a fault of the repositories this idiot added to Cydia. Nevertheless, I got a small taste today of why Apple wouldn't want to deal with it and, given how many random emails this phone was sending out, it would really have been a problem for those who didn't have a high data cap. The problem at the moment is that jailbreaking has become simple enough for anyone to do it, and so you do get a lot of people who are jailbreaking and really have no idea how to maintain their systems. I've seen this with Android as well. In both cases, it's usually a result of a user being too cheap to pay for a $0.99 app and pirating it instead, with some malware riding along.
I'm for an alternative approach. Allow side-loading in iOS, but only after turning on a "big red switch." This switch would, once turned on, send your serial number to Apple and void your warranty (unless, of course, you've paid for extra Applecare coverage). You could install any apps you want, but hopefully we could scare the people who shouldn't be side-loading away before they start causing problems. This has already been done with some HTC Android phones with their official boot loader unlocking tool. I think that a similar approach would be perfect here.

The problem at the moment is that jailbreaking has become simple enough for anyone to do it, and so you do get a lot of people who are jailbreaking and really have no idea how to maintain their systems.

Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

MS learned to do security the "proper way" with windows (not metro/8 which is essentially a devolution).

Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

Only if one reads them and only, in the case of side-loaded apk files, if the permissions in the package metadata are correct. Most pirated apks, from what I've seen, conveniently leave out a lot of the more suspicious permissions or omit them entirely. That's usually when someone asks me to help with their phone and it's like tech supporting an older Windows pc. Neither Android nor iOS have real security as part of the os.

Only if one reads them and only, in the case of side-loaded apk files, if the permissions in the package metadata are correct. Most pirated apks, from what I've seen, conveniently leave out a lot of the more suspicious permissions or omit them entirely. That's usually when someone asks me to help with their phone and it's like tech supporting an older Windows pc. Neither Android nor iOS have real security as part of the os.

Thanks for just making stuff up. The actual fact though is that permissions in Android are enforced at the platform level, and it has been this way since day one of the design and implementation.

Your app must request a permission to be able to use it. When the app is installed or updated, all permissions it has requested are shown to the user. That set of permissions is maintained by the platform from that time on and can't change outside of another update of the app. Every time it tries to do an operation associated with a permission, this is checked by the platform against the list of permissions currently granted to it and failed if it doesn't hold the needed permission. Period.

Of course like every other piece of software there can be bugs that in this case result in security holes that allow applications to gain more privileged access. Any such situation on Android that allows an app to bypass permissions that haven't been granted by the user is always considered a high priority security bug and fixed as quickly as possible. That isn't the normal operation of the platform.

Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

As if. I know quite a lot of people with Android - phones and only the nerds understand permissions, not a single non-nerd. The availability of the permissions tab under Android has done fuck all about this. And why? Well, because you need to consciously seek them, you're not at any point asked about the permissions during normal operation, you're not allowed to change the permissions and they're way, WAY too vague to actually tell anything meaningful. You need to already have understanding about the topic to have even the vaguest idea about what each particular item on the permissions tab entails, and even then you're just not given enough details about any of them to really know if it's a good or a bad thing to allow it through.

As if. I know quite a lot of people with Android - phones and only the nerds understand permissions, not a single non-nerd. The availability of the permissions tab under Android has done fuck all about this. And why? Well, because you need to consciously seek them, you're not at any point asked about the permissions during normal operation, you're not allowed to change the permissions and they're way, WAY too vague to actually tell anything meaningful. You need to already have understanding about the topic to have even the vaguest idea about what each particular item on the permissions tab entails, and even then you're just not given enough details about any of them to really know if it's a good or a bad thing to allow it through.

While I would never claim that Android's permissions are perfect or anything like the end-all be-all that solves all security issues, they have certainly done more than fuck-all.

Two examples:

(1) It is not uncommon for Android applications that request excessive permissions to have people publicly complain about them and get the developer to clean up their act. This was honestly the best that I had hoped for with the permissions system: that they would raise awareness of what applications are doing to the people who care about this stuff and pay attention, who can then provide pressure and publicity to help protect normal users. And this has happened multiple times, and has helped all users of the platform.

(2) When my wife got her Android phone and started installing apps on it, she fairly quickly came across a game that needed permission to access her contacts. She was told this prior to the point of buying/installing the game (which is by design), got scared by the idea of this thing getting her contacts, and decided it wasn't worth it. This is a normal user, not a geek in any way, but it was clear enough to her that the app was going to be able to access her private data that she wasn't comfortable with. This is of course just one example, but we do put a lot of work into making the permissions shown to users as understandable as possible, and have continually done work to improve this, in pretty much every release, including the major update to the side loading permissions UI last year -- http://blogs.computerworld.com/android/21259/android-42-security has some example screen shots. (To be honest, that screen shot is not the best example of what would stop a normal user from installing an app, since that app doesn't actually request permission to any personal data or other things that a normal user would understand or care about. One of our ongoing goals has also been to use other tools to reduce the number of spammy less interesting permissions applications must request to do certain things.)

but we do put a lot of work into making the permissions shown to users as understandable as possible

Well, you need to put a lot more work into it. When e.g. an application requests permission to use USB-storage what files, exactly, is it requesting for permission to use -- its own files, or all the files on the storage device? You never know because the system makes no distinction about this and certainly doesn't tell anything useful!

Also, the system makes no distinction between what features require what functionality -- is it core functionality that requires access to e.g. your contacts, or is it some extra functionality that not everyone will use? Nor does the system allow one to deny permissions, you either accept all the requested permissions as-is or you don't get to install the app at all.

(To be honest, that screen shot is not the best example of what would stop a normal user from installing an app

That screenshot is not the best example of a user installing stuff anyways because Average Joe doesn't install stuff from downloaded apks.

Until this part. WTF? It's NONE of Apple's business who jailbreak their phones.

No, it's not, but unfortunately I can't think of a better way to make this work. There has to be able to be some record of the device being jailbroken, otherwise Apple will end up obligated to fix something they don't support. I'm trying to think of a more balanced way to handle it, but I just can't. Besides, I notice you don't raise any objection to HTC having known who unlocked their boot loaders. I don't particularly like any company having a record like that but, if such a system were to work, it's necessary.

I would have thought that's already the case.
Officially, it is. However, unless the phone is blatantly jailbroken (e.g. you've got a cydia icon glaring out from your springboard) then odds are they'll not even check for it. For example, I saw an iPhone where a bad bit of malware pulled in managed to forcibly overheat the device, which ended up frying the battery. It was completely, 100%, the fault of the user in this particular case. They downloaded this app, ran it, noticed their phone was getting hot but rather than remove it, they continued to use it. The result? Apple couldn't prove it was jailbroken, so they had to fix it. This would not have been covered by the warranty in any other circumstance. The only way I see to be fair to both the businesses and the power users is to have some form of record that the device has been jailbroken. I've tried to see another way to be fair to all sides, and I just don't.

There has to be able to be some record of the device being jailbroken, otherwise Apple will end up obligated to fix something they don't support

No, it really doesn't.
Apple techs can see if a phone they're working on has been jailbroken or not. If it has been jailbroken, no warranty. Sure, there might be the occasional clever person who can trick them but hey, them's the breaks so live with it.
Phones are no different from any other product in this respect.

The only way I see to be fair to both the businesses and the power users is to have some form of record that the device has been jailbroken.

"No, it's not, but unfortunately I can't think of a better way to make this work. There has to be able to be some record of the device being jailbroken, otherwise Apple will end up obligated to fix something they don't support. I'm trying to think of a more balanced way to handle it, but I just can't."

You're making this more complicated than it needs to be. Apple has the option of re-flashing the device to stock, or it can say that the warranty is voided and opt not to service jailbroken devices, or charge a fee to do so. What you are talking about is a non-problem.

I would have thought that's already the case. "
Officially, it is. However, unless the phone is blatantly jailbroken (e.g. you've got a cydia icon glaring out from your springboard) then odds are they'll not even check for it. For example, I saw an iPhone where a bad bit of malware pulled in managed to forceably overheat the device, which ended up frying the battery. It was completely, 100%, the fault of the user in this particular case. They downloaded this app, ran it, noticed their phone was getting hot but rather than remove it, they continued to use it. The result? Apple couldn't prove it was jailbroken, so they had to fix it. This would not have been covered by the warranty in any other circumstance. The only way I see to be fair to both the businesses and the power users is to have some form of record that the device has been jailbroken. I've tried to see another way to be fair to all sides, and I just don't. [/q]
If the hardware permits software to do something so blatantly stupid as this, then it's a hardware/firmware bug and I'd expect Apple to honour the warranty.

If one started trying to get apple to support the IOS on the device after installing malware through jailbreaking, then I'd expect a rejection of warranty.

Jailbreaking should void at most the software warranty, but the hardware should be covered until you break out the soldering iron or start drilling through the phone or what have you.

-sigh- Just realized the comment engine mangled that comment too late to fix... Worked in the preview though. Irritating.
My bit was:
If the hardware permits software to do something so blatantly stupid as this, then it's a hardware/firmware bug and I'd expect Apple to honour the warranty.

If one started trying to get apple to support the IOS on the device after installing malware through jailbreaking, then I'd expect a rejection of warranty.

Jailbreaking should void at most the software warranty, but the hardware should be covered until you break out the soldering iron or start drilling through the phone or what have you.

"By clever usage of a codeless dynamic library, existing valid methods (such as CFEqual()) can be re-exported as different methods with the same method signature, such that MISValidateSignature will always return 0, allowing any unsigned binary to run."

By remapping security functions to other functions, they were able to override the security checks and consequently validate the un-jailed binaries. The brilliant part of the exploit is that it used apple's pre-existing signed code (referred to as the TEXT section) and didn't have to inject unauthorized code.

I'm impressed with this work, but at the same time I wonder why apple's code validator only validated the TEXT section of the binary? It seems like an unnecessarily insecure way to validate code. Am I missing something?
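The re-export trick quoted in the comment above can be seen in a small model. This is an added example, not part of the original comment or of any Apple or evasi0n code: a toy loader in Python in which every image name, path, return value and both validation policies are constructed assumptions. It contrasts a policy that only checks images containing executable code with one that requires the whole image, export table included, to be signed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Tuple, Union

# An export is either local code or a re-export: (image name, symbol name).
Export = Union[Callable[..., int], Tuple[str, str]]

@dataclass
class Image:
    name: str
    exports: Dict[str, Export]
    has_code: bool   # does the image contain executable pages?
    signed: bool     # does a valid vendor signature cover the image?

class LoadRejected(Exception):
    pass

def text_only_policy(img: Image) -> bool:
    # Only executable pages are checked; a codeless image has nothing to check.
    return img.signed or not img.has_code

def whole_image_policy(img: Image) -> bool:
    # Assumed stricter policy: metadata such as the export table must be signed too.
    return img.signed

class Loader:
    def __init__(self, policy: Callable[[Image], bool]):
        self.policy = policy
        self.images: Dict[str, Image] = {}  # insertion order = search order

    def load(self, img: Image) -> None:
        if not self.policy(img):
            raise LoadRejected(img.name)
        self.images[img.name] = img

    def resolve(self, symbol: str, within: str = "", hops: int = 0):
        if hops > 4:
            raise LookupError("re-export chain too deep")
        search = [self.images[within]] if within else list(self.images.values())
        for img in search:
            target = img.exports.get(symbol)
            if callable(target):
                return target
            if target is not None:      # follow the re-export to the named image
                lib, sym = target
                return self.resolve(sym, within=lib, hops=hops + 1)
        raise LookupError(symbol)

SIGNED_PATHS = {"/Applications/Vendor.app/Vendor"}  # constructed sample data

def cf_equal(a, b) -> int:
    # Stand-in for CFEqual(): 1 when equal, 0 otherwise.
    return 1 if a == b else 0

def mis_validate_signature(path, options) -> int:
    # Stand-in for the real validator: 0 means "signature valid".
    return 0 if path in SIGNED_PATHS else 1

def demo(policy) -> Tuple[bool, int]:
    """Return (shim_loaded, validator result for an unsigned binary)."""
    loader = Loader(policy)
    # Hypothetical codeless image: no code, only a re-export entry.
    shim = Image("shim.dylib",
                 {"MISValidateSignature": ("CoreFoundation", "CFEqual")},
                 has_code=False, signed=False)
    try:
        loader.load(shim)
        shim_loaded = True
    except LoadRejected:
        shim_loaded = False
    loader.load(Image("CoreFoundation", {"CFEqual": cf_equal}, True, True))
    loader.load(Image("libmis.dylib",
                      {"MISValidateSignature": mis_validate_signature}, True, True))
    validate = loader.resolve("MISValidateSignature")
    # The two arguments are never equal, so the re-exported CFEqual returns 0.
    return shim_loaded, validate("/tmp/unsigned-tool", {"constructed": "options"})

if __name__ == "__main__":
    print("text-only policy:  ", demo(text_only_policy))
    print("whole-image policy:", demo(whole_image_policy))
```

Under the text-only policy the unsigned binary is reported as valid even though every function that actually ran was signed code; under the assumed whole-image policy the codeless image is rejected at load time and the real validator runs.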

7 million really isn't all that many, about as many as like to tinker with Linux within the broader PC universe, etc. Not a bad thing. I jailbroke and unlocked my original iPhone 1, it was interesting changing the look of things, putting unauthorized software onto the device, with the results sometimes useful and sometimes not. Sometimes that software crashed my phone, once it almost bricked it, causing me to go back to the stock software.

In the end, I thought about the whole thing and decided to stick with approved, stock software on any phone I own, primarily because on a device on which I am going to pretty much keep my life, my personal information, and my credit card information, that I have some assurances from the company who made the thing and its intended software, that the device will be secure and not subject to hackers and that all that personal information will be safe. As a jailbroken device, no one, not apple, not Cydia, none of the software providers, nobody, can assure me of that security or take responsibility should anything damage me or my device. That is VERY important to me. Maybe it is not to other people and that's fine if they don't want to take the risk, just don't come whining to your local Apple store or to Apple itself when your identity has been stolen because of some jailbroken app.

It's crazy that people here are saying 7 million isn't a big number. That's certainly a big number whether that's the entire userbase, or just a tiny sliver of it. Find an area large enough to put 7 million people, have them all stand there, and take an aerial photo. Then look at that photo and try convincing everyone 7 million people is nothing. Good luck with that.

Put them next to a group of 500 million iOS users and they are the much smaller group.

Sure, 7 M is a big number, but a small percentage of the total people that could jailbreak.

The point is that it doesn't really matter what percentage of the total 7 million is -- 7 million is a lot of people.

Of those 7 M a large number probably didn't even perform the jailbreak themselves. The actual number of people that really do the jailbreaking is much smaller than 7 M.

Where did you hear this? Jailbreaking an iphone is as easy as downloading an app, running it, and waiting for it to finish. It takes more effort to sync or backup an iphone with itunes and everyone from kids to grandmas manage to do that no problem.

Yes, 7 million is a big number. But I don't think we must forget that the pool is pretty huge. If it was much smaller it would be more difficult to reach such a number. Also as the percentage of the total iOS users is pretty low the negative impact is also very low.

It's pretty easy to find random people in the street having an iPhone, but finding one that is jailbroken is much harder.

It's still early days, that 7 million number will probably go up a lot over time.

Regarding jailbreaking for others: I've been asked to jailbreak a number of devices and I know a lot of people ask others to perform these kinds of tasks (for money even), not just related to the iPhone, but also to game consoles and Microsoft Products.

I never jailbroke a phone for anyone. I did jailbreak my iPhone 3G when I already had a new iPhone and it made me decide to never do it to my current phone, because it totally sucks. Mind you, this was NOT an easy process.

Then again I don't think it matters much if everybody does his own jailbreak or people help each other out. It's the intention and result that counts. It's pretty much the same whether you ask your computer to jailbreak or make someone else press the button.

iPhones and iPads have been on sale for years and many of those have probably never updated past the OS iteration that they were sold with if my circle of friends and work colleagues is anything to go by.

iPhones and iPads have been on sale for years and many of those have probably never updated past the OS iteration that they were sold with if my circle of friends and work colleagues is anything to go by.

That's bizarre to me because in my office I see the opposite. Every iphone owner I can think of (and there are many) is up-to-date when it comes to ios. Granted, I don't know what the breakdown is - those who intentionally update vs. people who do only because itunes pops up a notice.

I jailbroke my previous iPhone running on iOS 5.1.1. I have to admit to being disappointed. It's not that the system was difficult to maintain and keep stable (no more difficult than maintaining Debian really) but that there just weren't a lot of apps I was interested in. I'd hoped to find some amazing media players that could play anything I'd throw at them better than the ones in the App Store. I'd hoped to find a terminal that would let me have a CLI without having to do a loopback ssh connection. I wanted to enable full multitasking. What did I find? I've found vlc which, at the time, could only play files transferred to the device (no playing from smb or other remote shares). I found mobile terminal, which didn't even work. Then there was backgrounder which has been abandoned and now causes serious system instabilities (so much for bypassing iOS's multitasking restrictions). I found loads of themes and springboard tweaks which, if used in the wrong combination, not only make your springboard unstable but make your iPhone reboot more often than a pc running Windows ME on bad ram. I found other repositories, many of which are filled with cracked software that's been altered in who knows what way and if you're dumb enough to install it you deserve whatever's coming.
Did I find a few things I liked? Absolutely. Browser changer (Atomic being the default browser in my case) and kill background to add a configurable kill all button to the app switcher. There was also iTransmission, when I needed to download an iso remotely and didn't have my laptop. But, when I ultimately did decide to update to iOS6 I couldn't just run an OTA or iTunes update. No, I had to do a restore from backup which took forever and, on top of that, didn't save half of the settings I would have liked. Not finding much of what I wanted, and the update pain, mean that I probably won't be jailbreaking again any time in the near future. I don't care about crazy wallpapers or themes, springboard tweaks are recipes for instabilities, and there just aren't enough up-to-date apps to make the pain worth the very small gain.